AhnLab’s report analyzes Kimsuky malware and C2 infrastructure grouped as Operation Light Shell, a campaign named for a recurring light-shell file found on command-and-control servers. The source says Kimsuky conducts financially motivated and intelligence-collection activity across diplomacy, security, politics, media, health care, defense, education, and cryptocurrency targets. The report focuses on technical patterns that allow related malware families and C2 servers to be clustered, including server-side artifacts used to identify Kimsuky-operated infrastructure. It highlights the operation as a basis for tracking Kimsuky tooling and infrastructure rather than a single isolated intrusion.